Dockerfile:$ HOME不适用于ADD / COPY指令
在提交一个bug之前,我想问一个人来确认我最近面临的怪异docker build行为。
考虑我们有一个简单的Dockerfile,我们试图将一些文件复制到非root用户的主目录中:
FROM ubuntu:utopic ENV DEBIAN_FRONTEND=noninteractive RUN sed -i.bak 's/http:\/\/archive.ubuntu.com\/ubuntu\//mirror:\/\/mirrors.ubuntu.com\/mirrors.txt\//g' /etc/apt/sources.list RUN echo "deb http://repo.aptly.info/ squeeze main" >> /etc/apt/sources.list.d/_aptly.list RUN apt-key adv --keyserver keys.gnupg.net --recv-keys e083a3782a194991 RUN apt-get update RUN apt-get install -y aptly RUN useradd -m aptly RUN echo aptly:aptly | chpasswd USER aptly COPY ./.aptly.conf $HOME/.aptly.conf COPY ./public.key $HOME/public.key COPY ./signing.key $HOME/signing.key RUN gpg --import $HOME/public.key $HOME/signing.key RUN aptly repo create -comment='MAILPAAS components' -distribution=utopic -component=main mailpaas CMD ["/usr/bin/aptly", "api", "serve"]
这是我正在试图build立这个形象时得到的:
... Step 10 : USER aptly ---> Running in 8639f826420b ---> 3242919b2976 Removing intermediate container 8639f826420b Step 11 : COPY ./.aptly.conf $HOME/.aptly.conf ---> bbda6e5b92df Removing intermediate container 1313b12ca6c6 Step 12 : COPY ./public.key $HOME/public.key ---> 9a701a78d10d Removing intermediate container 3a6e40b8593a Step 13 : COPY ./signing.key $HOME/signing.key ---> 3d4eb847abe8 Removing intermediate container 5ed8cf52b810 Step 14 : RUN gpg --import $HOME/public.key $HOME/signing.key ---> Running in 6e481ec97f74 gpg: directory `/home/aptly/.gnupg' created gpg: new configuration file `/home/aptly/.gnupg/gpg.conf' created gpg: WARNING: options in `/home/aptly/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/home/aptly/.gnupg/secring.gpg' created gpg: keyring `/home/aptly/.gnupg/pubring.gpg' created gpg: can't open `/home/aptly/public.key': No such file or directory gpg: can't open `/home/aptly/signing.key': No such file or directory gpg: Total number processed: 0
看起来像$HOME是空的。 但为什么? 把绝对path,而不是$HOME家庭目录不是很方便。
这是你的问题:
当您使用USER指令时,它会影响用于在容器内启动新命令的用户标识。 所以,例如,如果你这样做:
FROM ubuntu:utopic RUN useradd -m aptly USER aptly RUN echo $HOME
你得到这个:
Step 4 : RUN echo $HOME ---> Running in a5111bedf057 /home/aptly
因为RUN命令在一个容器内启动一个新的shell,这个容器被前面的USER指令所修改。
当你使用COPY指令时,你并没有在容器中启动一个进程,Docker也无法知道shell将暴露什么(如果有的话)环境variables。
您最好的select是在您的Dockerfile中设置ENV HOME /home/aptly aptly,这将起作用,或者将您的文件放到临时位置,然后:
RUN cp /skeleton/myfile $HOME/myfile
另外,请记住,当你COPY文件时,它们将被root ; 您将需要明确地将它们发送给适当的用户。